Caching Terraform providers #3001
Conversation
cli/commands/run-all/command.go
Outdated
| Name: FlagNameTerragruntProviderCacheDir, | ||
| Destination: &opts.ProviderCacheDir, | ||
| EnvVar: "TERRAGRUNT_PROVIDER_CACHE_DIR", | ||
| Usage: "The path to the cache directory. Default is .terragrunt-cache/provider-cache in the working directory.", |
There was a problem hiding this comment.
Why would we default to the working directory? Doesn't that mean we store the cache in a different folder each time based on where you happened to run a TG command from? If so, doesn't that mean that the TG cache isn't reused across commands?
Seems like we should default to the home folder: e.g., ~/.terragrunt/provider-cache.
There was a problem hiding this comment.
Using the same directory by multiple TG processes could cause a conflict, the same as running multiple TF processes with the same PluginCacheDir path. I modified the code, now Terragrunt Provider Cache uses a flock to prevent this.
Now it uses the native Go function https://pkg.go.dev/os#UserCacheDir + "terragrunt/providers" to determine the default cache directory.
cli/commands/run-all/command.go
Outdated
| Name: FlagNameTerragruntRegistryToken, | ||
| Destination: &opts.RegistryToken, | ||
| EnvVar: "TERRAGRUNT_REGISTRY_TOKEN", | ||
| Usage: "The Token for connecting to the built-in Private Registry server. By default generated automatically.", |
There was a problem hiding this comment.
I don't think we should call it "Private Registry." A Private Registry has a different connotation in the TF world: https://developer.hashicorp.com/terraform/registry/private. Perhaps we should call it "Terragrunt Provider Proxy" or "Terragrunt Provider Cache" or similar?
There was a problem hiding this comment.
Agree. Renamed to "Terragrunt Provider Cache".
cli/commands/run-all/command.go
Outdated
| Name: FlagNameTerragruntRegistryHostname, | ||
| Destination: &opts.RegistryHostname, | ||
| EnvVar: "TERRAGRUNT_REGISTRY_HOSTNAME", | ||
| Usage: "The hostname of the built-in Private Registry server. Default is 'localhsot'.", |
There was a problem hiding this comment.
| Usage: "The hostname of the built-in Private Registry server. Default is 'localhsot'.", | |
| Usage: "The hostname of the built-in Private Registry server. Default is 'localhost'.", |
| // HTTPStatusCacheProviderReg is regular expression to determine the success result of the command `terraform lock providers -platform=cache provider`. | ||
| var HTTPStatusCacheProviderReg = regexp.MustCompile(`(?mi)` + strconv.Itoa(controllers.HTTPStatusCacheProvider) + `[^a-z0-9]*` + http.StatusText(controllers.HTTPStatusCacheProvider)) |
There was a problem hiding this comment.
NIT: consider including an example of the type of text you're trying to match.
cli/commands/run-all/command.go
Outdated
| Name: FlagNameTerragruntRegistryToken, | ||
| Destination: &opts.RegistryToken, | ||
| EnvVar: "TERRAGRUNT_REGISTRY_TOKEN", | ||
| Usage: "The Token for connecting to the built-in Private Registry server. By default generated automatically.", |
There was a problem hiding this comment.
What is the format for the token? Can it be any value that's hard to guess? I noticed our auto-generated value is something like x-api-token:<UUID>. Does the value the user passes in have to have a similar format to work?
There was a problem hiding this comment.
We use https://github.com/labstack/echo/tree/master/middleware which supports different tokens, but currently only x-api-token is available, the value can be any text except the empty string.
Thanks for pointing this out to me. I changed the code to not force users to add the x-api-token: prefix
terraform/registry/handlers/auth.go
Outdated
| Token string | ||
| } | ||
|
|
||
| func (auth *Authorization) Auth(bearerToken string, ctx echo.Context) (bool, error) { |
There was a problem hiding this comment.
NIT: please add a comment on why we have a check for a token here.
NIT: update the docs (the .md ones I mean) with info on this token as well. Users need to understand this feature enables a server on localhost, and how we protect that server.
terraform/registry/server.go
Outdated
| } | ||
|
|
||
| // Run starts the webserver and workers. | ||
| func (server *Server) Run(ctx context.Context) error { |
There was a problem hiding this comment.
What happens if you run multiple TG commands concurrently on the same system? Will they clash because they both try to fire up a server on the same port?
There was a problem hiding this comment.
It was like that. Now the free port of the port is resolved automatically.
terraform/registry/server.go
Outdated
| errGroup.Go(func() error { | ||
| return server.providerService.RunCacheWorker(ctx) | ||
| }) | ||
| errGroup.Go(func() error { |
There was a problem hiding this comment.
We need "unit tests" for this server. I say "unit test," because it's perhaps closer to an integration test, but I'd really like to have tests that just test this server as a single unit: run server, hit various endpoints, check they work as expected, check auth is enforced, check multiple concurrent servers work, etc.
There was a problem hiding this comment.
Added the unit test.
| @@ -197,6 +199,82 @@ const ( | |||
| fixtureDownload = "fixture-download" | |||
| ) | |||
|
|
|||
| func TestTerragruntProviderCache(t *testing.T) { | |||
There was a problem hiding this comment.
Thanks for adding this test!
Given the rather large impact this has across all TG functionality, could we find a way to run all TG integration tests with (a) caching enabled and (b) caching disabled? I want to be sure all existing functionality still works with caching.
There was a problem hiding this comment.
Added tasks with provider cache.
| registryName = "registry.opentofu.org" | ||
| } | ||
|
|
||
| for subDir, providers := range providers { |
There was a problem hiding this comment.
Does this test have some way of validating that each provider was downloaded and stored exactly once?
There was a problem hiding this comment.
Yes, it does all these checks.
terraform/registry/config.go
Outdated
| ShutdownTimeout time.Duration | ||
| } | ||
|
|
||
| func NewConfig() *Config { |
There was a problem hiding this comment.
Function NewConfig() seems not to be used, or is it invoked somehow through reflection?
|
|
||
| const ( | ||
| // name using for the discovery | ||
| porviderName = "providers.v1" |
| trappedMsgs []string | ||
| } | ||
|
|
||
| func NewTrapWriter(writer io.Writer, reg *regexp.Regexp) *TrapWriter { |
There was a problem hiding this comment.
Will be helpful to add description on how TrapWriter can be used, tests also may be helpful
without
In this case, TF trusting files from the cache, creates the lock file. TG also doesn't check the hashes. So there are no checks. I don't know what kind of check we can do here. with
|
Yea, this is the part that worries me: the lack of hash/signature checking. Is there any way to ensure that happens? |
|
Additional:
Good question. If we don't have a full lock file, we need to check the binaries' providers ourselves. Do this every time TG starts or only at the moment when we cache the provider. In theory, we could carry out a similar check of what TF does when creating lock files, to say for sure, I need to investigate this. |
If this is critical, we could make this flag |
I'd prefer to keep partial lock files enabled by default, as the whole point of provider caching is to go much faster. That said, hash & signature checking is important. With the partial lock file stuff, does TF not check the signature or has at all? |
For new entries in the lock file, the signature and hash are not checked at all. To check, TF needs to download the rest two files, but it doesn’t do this with partial lock (enabled |
|
Addition to the previous comment The only way is to check the provider by hash and signature using the Terragrunt cache server. Every time the cache server receives a request initiated by the Thinking out loud:
|
I have an idea to solve the issue above, is to use
Replacing |
|
In any case, I would suggest merging this pull request first and then making the changes separately. Since after each new update in the |
|
Thanks for the review! Created issue #3047. Merging and creating a new release. |
|
Resolved in v0.56.4 release. Make sure to read Provider Caching. |
|
Hey @levkohimins great work! Just want to make sure I fully understand - this solution addresses the concurrency race condition present in Terraform where providers fail to download if multiple downloads happen at the same time, is that correct? |
Hey @jmreicha, you are absolutely right. |
|
Amazing. This is huge, really good stuff guys. |
[](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---|---| | [GoogleContainerTools/skaffold](https://togithub.com/GoogleContainerTools/skaffold) | patch | `v2.11.0` -> `v2.11.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [aquaproj/aqua-registry](https://togithub.com/aquaproj/aqua-registry) | minor | `v4.158.0` -> `v4.160.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [dwisiswant0/tlder](https://togithub.com/dwisiswant0/tlder) | minor | `v0.0.1` -> `v0.1.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [eza-community/eza](https://togithub.com/eza-community/eza) | patch | `v0.18.9` -> `v0.18.10` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [gruntwork-io/terragrunt](https://togithub.com/gruntwork-io/terragrunt) | patch | `v0.56.2` -> `v0.56.5` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [helm/helm](https://togithub.com/helm/helm) | patch | `v3.14.3` -> `v3.14.4` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [rhysd/hgrep](https://togithub.com/rhysd/hgrep) | patch | `v0.3.5` -> `v0.3.6` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [sigstore/cosign](https://togithub.com/sigstore/cosign) | patch | `v2.2.3` -> `v2.2.4` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [snyk/cli](https://togithub.com/snyk/cli) | minor | `v1.1287.0` -> `v1.1288.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [trunk-io/launcher](https://trunk.io) | patch | `1.3.0` -> `1.3.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>GoogleContainerTools/skaffold (GoogleContainerTools/skaffold)</summary> ### [`v2.11.1`](https://togithub.com/GoogleContainerTools/skaffold/releases/tag/v2.11.1): Release [Compare Source](https://togithub.com/GoogleContainerTools/skaffold/compare/v2.11.0...v2.11.1) ### v2.11.1 Release - 2024-04-09 **Linux amd64** `curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/v2.11.1/skaffold-linux-amd64 && chmod +x skaffold && sudo mv skaffold /usr/local/bin` **Linux arm64** `curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/v2.11.1/skaffold-linux-arm64 && chmod +x skaffold && sudo mv skaffold /usr/local/bin` **macOS amd64** `curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/v2.11.1/skaffold-darwin-amd64 && chmod +x skaffold && sudo mv skaffold /usr/local/bin` **macOS arm64** `curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/v2.11.1/skaffold-darwin-arm64 && chmod +x skaffold && sudo mv skaffold /usr/local/bin` **Windows** https://storage.googleapis.com/skaffold/releases/v2.11.1/skaffold-windows-amd64.exe **Docker image** `gcr.io/k8s-skaffold/skaffold:v2.11.1` **Full Changelog**: GoogleContainerTools/skaffold@v2.11.0...v2.11.1 Highlights: Fixes: - fix: Windows binary properly signed </details> <details> <summary>aquaproj/aqua-registry (aquaproj/aqua-registry)</summary> ### [`v4.160.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.160.0) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.159.0...v4.160.0) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.160.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.160.0) | aquaproj/aqua-registry@v4.159.0...v4.160.0 #### 🎉 New Packages [#​21798](https://togithub.com/aquaproj/aqua-registry/issues/21798) [Songmu/make2help](https://togithub.com/Songmu/make2help): Utility for self-documented Makefile [@​lamanotrama](https://togithub.com/lamanotrama) #### Fixes [#​21747](https://togithub.com/aquaproj/aqua-registry/issues/21747) jetpack-io/devbox: Rename the package `jetpack-io/devbox` to jetify-com/devbox The GitHub Repository of the package `jetpack-io/devbox` was transferred from [jetpack-io/devbox](https://togithub.com/jetpack-io/devbox) to [jetify-com/devbox](https://togithub.com/jetify-com/devbox). #### 🎉 New Contributors Thank you for your contribution! [@​lamanotrama](https://togithub.com/lamanotrama) [#​21798](https://togithub.com/aquaproj/aqua-registry/issues/21798) ### [`v4.159.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.159.0) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.158.0...v4.159.0) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.159.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.159.0) | aquaproj/aqua-registry@v4.158.0...v4.159.0 #### 🎉 New Packages [#​21629](https://togithub.com/aquaproj/aqua-registry/issues/21629) [Bearer/gon](https://togithub.com/Bearer/gon): Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library [#​21659](https://togithub.com/aquaproj/aqua-registry/issues/21659) [koyeb/koyeb-cli](https://togithub.com/koyeb/koyeb-cli): Koyeb cli #### Fixes [#​21718](https://togithub.com/aquaproj/aqua-registry/issues/21718) dwisiswant0/tlder: Follow up changes of tlder v0.1.0 dwisiswant0/tlder@b61d4d1 [#​21719](https://togithub.com/aquaproj/aqua-registry/issues/21719) oligot/go-mod-upgrade: Follow up changes of go-mod-upgrade v0.10.0 oligot/go-mod-upgrade@afcc585 </details> <details> <summary>dwisiswant0/tlder (dwisiswant0/tlder)</summary> ### [`v0.1.0`](https://togithub.com/dwisiswant0/tlder/releases/tag/v0.1.0) [Compare Source](https://togithub.com/dwisiswant0/tlder/compare/v0.0.1...v0.1.0) #### Changelog - [`b61d4d1`](https://togithub.com/dwisiswant0/tlder/commit/b61d4d1) chore: update goreleaser config - [`409bb73`](https://togithub.com/dwisiswant0/tlder/commit/409bb73) build: bump mod, lib, & data ([#​5](https://togithub.com/dwisiswant0/tlder/issues/5)) - [`226387f`](https://togithub.com/dwisiswant0/tlder/commit/226387f) Update funding - [`af8252d`](https://togithub.com/dwisiswant0/tlder/commit/af8252d) workflow: Add expression if DB isn't updated </details> <details> <summary>eza-community/eza (eza-community/eza)</summary> ### [`v0.18.10`](https://togithub.com/eza-community/eza/releases/tag/v0.18.10): eza v0.18.10 [Compare Source](https://togithub.com/eza-community/eza/compare/v0.18.9...v0.18.10) ### Changelog #### \[0.18.10] - 2024-04-11 ##### Bug Fixes - Bump trycmd from 0.15.0 to 0.15.1 ##### Miscellaneous Tasks - Release eza v0.18.10 ##### Build - Bump nu-ansi-term from 0.49.0 to 0.50.0 ### Checksums #### sha256sum 0fb41abd0893d20814bda552906796df7df544192cfc099d1c703f75bc921c93 ./target/bin-0.18.10/eza_aarch64-unknown-linux-gnu.tar.gz f1e32e4c733a8a6aacab0059574067d59824c9940669128d4d53815c3efb7b70 ./target/bin-0.18.10/eza_aarch64-unknown-linux-gnu.zip 92b98cf94ab280439adb8a40ba2ae02cdc8c48c027dc5ded550658179a49bb7a ./target/bin-0.18.10/eza_arm-unknown-linux-gnueabihf.tar.gz 859adf0ee66de6ec4e5319dfbfc28b06ffe0796e9a6d8d35bb97b2625f202eea ./target/bin-0.18.10/eza_arm-unknown-linux-gnueabihf.zip 9909671c047ec3e14914cc4294737a3be7cda2802b50b00e3f88571f4be8fb2d ./target/bin-0.18.10/eza.exe_x86_64-pc-windows-gnu.tar.gz e8d793cf5c7748b40b7aea208a0d34c95b948f8be09ba41576b12c8d255f4cd4 ./target/bin-0.18.10/eza.exe_x86_64-pc-windows-gnu.zip 7aeb494792b9b189b994a66821f04317aa83b148f3318aaf976d2a92a5a8a7f5 ./target/bin-0.18.10/eza_x86_64-unknown-linux-gnu.tar.gz 02e9561d24a2324f10ea33ad586feb9251e3a2bec9e301a756d7f447613ca6c3 ./target/bin-0.18.10/eza_x86_64-unknown-linux-gnu.zip cf2591499606663d2d042103e46a4936d765203025220f83d707309ca1138480 ./target/bin-0.18.10/eza_x86_64-unknown-linux-musl.tar.gz c6a1d2bc5a1d07edf7d7d4412243efa353d8dde8ab625565639cd88ac40e572b ./target/bin-0.18.10/eza_x86_64-unknown-linux-musl.zip #### md5sum 317c691e0acd23a92acbca36b9530df2 ./target/bin-0.18.10/eza_aarch64-unknown-linux-gnu.tar.gz 490f37045257aa0a9a96b732ddf88275 ./target/bin-0.18.10/eza_aarch64-unknown-linux-gnu.zip c3e876c1acf2ffe17499accfc0169a4a ./target/bin-0.18.10/eza_arm-unknown-linux-gnueabihf.tar.gz 2111c22b49bb1f84b0944f1796bc52b6 ./target/bin-0.18.10/eza_arm-unknown-linux-gnueabihf.zip f33f53084a83829aec1cb6ea1e95b4b5 ./target/bin-0.18.10/eza.exe_x86_64-pc-windows-gnu.tar.gz f9d2209064985b3a3f25f4fd93a3ba50 ./target/bin-0.18.10/eza.exe_x86_64-pc-windows-gnu.zip 6963c57fe424dedd6bbec3bda8a1348a ./target/bin-0.18.10/eza_x86_64-unknown-linux-gnu.tar.gz a89f081b34680290865c3e5202c58cd1 ./target/bin-0.18.10/eza_x86_64-unknown-linux-gnu.zip 12a48353f895d2c25ea12ad3f83004c0 ./target/bin-0.18.10/eza_x86_64-unknown-linux-musl.tar.gz 59b064c01c047e662ed0851df902852c ./target/bin-0.18.10/eza_x86_64-unknown-linux-musl.zip #### blake3sum 5e76aee096d97a0b3400980c1585c9a404baabe904e8836a585a6e7ded1eb86a ./target/bin-0.18.10/eza_aarch64-unknown-linux-gnu.tar.gz 5e286f555267b930910557e1d8ac6572b6da7d4407b783a8b40bde3ea099b87a ./target/bin-0.18.10/eza_aarch64-unknown-linux-gnu.zip f680686c3ca07ae09d8fe536f8d667bac78e7a1b22d1feca26f408ff725634b3 ./target/bin-0.18.10/eza_arm-unknown-linux-gnueabihf.tar.gz 463c3fd66e19a1b8d7df1205242f28231f31c9693cb2366bd006128922d1d162 ./target/bin-0.18.10/eza_arm-unknown-linux-gnueabihf.zip 19df35e31a5a1a8655454647e442e6c8cfab600a6f3d8063eb9261c16585f6ed ./target/bin-0.18.10/eza.exe_x86_64-pc-windows-gnu.tar.gz 57f6630b5ee31d25c2db190e7373adf494b9ee0c576770620e7f461af74d9513 ./target/bin-0.18.10/eza.exe_x86_64-pc-windows-gnu.zip 0f3dbe0c9ef795d95ef60def43646e1eb940f4d0072f51d6e9a7061b4a0d8ab8 ./target/bin-0.18.10/eza_x86_64-unknown-linux-gnu.tar.gz 2c1d0b151f485db7ca1587228c94a5758170f3beed2972c80291460128370fe4 ./target/bin-0.18.10/eza_x86_64-unknown-linux-gnu.zip 2d06b1606a355a9708950f04c4cc0faa928e7330ee5d7b02da969489a0ef478e ./target/bin-0.18.10/eza_x86_64-unknown-linux-musl.tar.gz b0f07242a9a799577ea559a6a74511f011e59fb96fc741096c999225456e8191 ./target/bin-0.18.10/eza_x86_64-unknown-linux-musl.zip </details> <details> <summary>gruntwork-io/terragrunt (gruntwork-io/terragrunt)</summary> ### [`v0.56.5`](https://togithub.com/gruntwork-io/terragrunt/releases/tag/v0.56.5) [Compare Source](https://togithub.com/gruntwork-io/terragrunt/compare/v0.56.4...v0.56.5) #### Updated CLI args, config attributes and blocks - `apply -destroy` #### Description - Fixes destroy order for `apply -destroy` alias command #### Related links - [gruntwork-io/terragrunt#3011 ### [`v0.56.4`](https://togithub.com/gruntwork-io/terragrunt/releases/tag/v0.56.4) [Compare Source](https://togithub.com/gruntwork-io/terragrunt/compare/v0.56.3...v0.56.4) #### Updated CLI args, config attributes and blocks - `--terragrunt-provider-cache` - `--terragrunt-provider-cache-dir` - `--terragrunt-provider-cache-disable-partial-lock-file` - `--terragrunt-provider-cache-registry-names` - `--terragrunt-provider-cache-hostname` - `--terragrunt-provider-cache-port` - `--terragrunt-provider-cache-token` #### Description - Caching Terraform providers, [docs](https://terragrunt.gruntwork.io/docs/features/provider-cache/) #### Related links - [gruntwork-io/terragrunt#3001 ### [`v0.56.3`](https://togithub.com/gruntwork-io/terragrunt/releases/tag/v0.56.3) [Compare Source](https://togithub.com/gruntwork-io/terragrunt/compare/v0.56.2...v0.56.3) #### Description - Fixes slow destroy of config deeply nested in config hierarchy #### Related links - [gruntwork-io/terragrunt#3015 </details> <details> <summary>helm/helm (helm/helm)</summary> ### [`v3.14.4`](https://togithub.com/helm/helm/releases/tag/v3.14.4): Helm v3.14.4 [Compare Source](https://togithub.com/helm/helm/compare/v3.14.3...v3.14.4) Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience. The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com): - for questions and just to hang out - for discussing PRs, code, and bugs - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0) #### Installation and Upgrading Download Helm v3.14.4. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.14.4-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.4-darwin-amd64.tar.gz.sha256sum) / 73434aeac36ad068ce2e5582b8851a286dc628eae16494a26e2ad0b24a7199f9) - [MacOS arm64](https://get.helm.sh/helm-v3.14.4-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.4-darwin-arm64.tar.gz.sha256sum) / 61e9c5455f06b2ad0a1280975bf65892e707adc19d766b0cf4e9006e3b7b4b6c) - [Linux amd64](https://get.helm.sh/helm-v3.14.4-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.4-linux-amd64.tar.gz.sha256sum) / a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259) - [Linux arm](https://get.helm.sh/helm-v3.14.4-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.4-linux-arm.tar.gz.sha256sum) / 962297c944c06e1f275111a6e3d80e37c9e9e8fed967d4abec8efcf7fc9fb260) - [Linux arm64](https://get.helm.sh/helm-v3.14.4-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.4-linux-arm64.tar.gz.sha256sum) / 113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2) - [Linux i386](https://get.helm.sh/helm-v3.14.4-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.4-linux-386.tar.gz.sha256sum) / 2cb3ff032be1c39b7199b324d58d0ae05bc4fe49b9be6aa2fcbeb3fc03f1f9e7) - [Linux ppc64le](https://get.helm.sh/helm-v3.14.4-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.4-linux-ppc64le.tar.gz.sha256sum) / d0d625b43f6650ad376428520b2238baa2400bfedb43b2e0f24ad7247f0f59b5) - [Linux s390x](https://get.helm.sh/helm-v3.14.4-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.4-linux-s390x.tar.gz.sha256sum) / a5750d0cb1ba34ce84ab3be6382a14617130661d15dd2aa1b36630b293437936) - [Linux riscv64](https://get.helm.sh/helm-v3.14.4-linux-riscv64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.4-linux-riscv64.tar.gz.sha256sum) / 925782b159392d52df5ebab88e04e695217325894c6a32a9a779e865b7e32411) - [Windows amd64](https://get.helm.sh/helm-v3.14.4-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.14.4-windows-amd64.zip.sha256sum) / 0b951db3eadd92dfe336b5a9ddb0640e5cd70d39abdbd7d3125e9fb59b22b669) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@​mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.15.0 is the next feature release and will be on May 08, 2024. #### Changelog - refactor: create a helper for checking if a release is uninstalled [`81c902a`](https://togithub.com/helm/helm/commit/81c902a123462fd4052bc5e9aa9c513c4c8fc142) (Alex Petrov) - fix: reinstall previously uninstalled chart with --keep-history [`5a11c76`](https://togithub.com/helm/helm/commit/5a11c768386dab08ff026fb1001e592ab0a033f8) (Alex Petrov) - chore: remove repetitive words [`fb3d880`](https://togithub.com/helm/helm/commit/fb3d8805f017d898f9e88667829c21874a8f6166) (deterclosed) - chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 [`01ac4a2`](https://togithub.com/helm/helm/commit/01ac4a2c36d49e691982f85f4243fe449876fb5d) (dependabot\[bot]) - chore(deps): bump github.com/docker/docker [`138602d`](https://togithub.com/helm/helm/commit/138602da27a6ba67564d298e7b07f5624a341b88) (dependabot\[bot]) - bug: add proxy support for oci getter [`aa7d953`](https://togithub.com/helm/helm/commit/aa7d95333d5fbc1ea9ed20cc56f011c068e004be) (Ricardo Maraschini) </details> <details> <summary>rhysd/hgrep (rhysd/hgrep)</summary> ### [`v0.3.6`](https://togithub.com/rhysd/hgrep/blob/HEAD/CHANGELOG.md#v036---06-Apr-2024) [Compare Source](https://togithub.com/rhysd/hgrep/compare/v0.3.5...v0.3.6) - Add `-u`/`--unrestricted` flags to built-in ripgrep (`ripgrep` feature). This flag reduces the level of "smart" filtering by repeated uses (up to 2). A single flag `-u` is equivalent to `--no-ignore`. Two flags `-uu` are equivalent to `--no-ignore --hidden`. Unlike ripgrep, three flags `-uuu` are not supported since hgrep doesn't support `--binary` flag. ```sh ``` </details> <details> <summary>sigstore/cosign (sigstore/cosign)</summary> ### [`v2.2.4`](https://togithub.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v224) [Compare Source](https://togithub.com/sigstore/cosign/compare/v2.2.3...v2.2.4) #### Bug Fixes - Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv ([#​3661](https://togithub.com/sigstore/cosign/issues/3661)) - ErrNoSignaturesFound should be used when there is no signature attached to an image. ([#​3526](https://togithub.com/sigstore/cosign/issues/3526)) - fix semgrep issues for dgryski.semgrep-go ruleset ([#​3541](https://togithub.com/sigstore/cosign/issues/3541)) - Honor creation timestamp for signatures again ([#​3549](https://togithub.com/sigstore/cosign/issues/3549)) #### Features - Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly ([#​3578](https://togithub.com/sigstore/cosign/issues/3578)) #### Documentation - add oci bundle spec ([#​3622](https://togithub.com/sigstore/cosign/issues/3622)) - Correct help text of triangulate cmd ([#​3551](https://togithub.com/sigstore/cosign/issues/3551)) - Correct help text of verify-attestation policy argument ([#​3527](https://togithub.com/sigstore/cosign/issues/3527)) - feat: add OVHcloud MPR registry tested with cosign ([#​3639](https://togithub.com/sigstore/cosign/issues/3639)) #### Testing - Refactor e2e-tests.yml workflow ([#​3627](https://togithub.com/sigstore/cosign/issues/3627)) - Clean up and clarify e2e scripts ([#​3628](https://togithub.com/sigstore/cosign/issues/3628)) - Don't ignore transparency log in tests if possible ([#​3528](https://togithub.com/sigstore/cosign/issues/3528)) - Make E2E tests hermetic ([#​3499](https://togithub.com/sigstore/cosign/issues/3499)) - add e2e test for pkcs11 token signing ([#​3495](https://togithub.com/sigstore/cosign/issues/3495)) </details> <details> <summary>snyk/cli (snyk/cli)</summary> ### [`v1.1288.0`](https://togithub.com/snyk/cli/releases/tag/v1.1288.0) [Compare Source](https://togithub.com/snyk/cli/compare/v1.1287.0...v1.1288.0) ##### Bug Fixes - add --experimental flag for snyk code test ([#​5151](https://togithub.com/snyk/snyk/issues/5151)) ([08647f2](https://togithub.com/snyk/snyk/commit/08647f295dd92ceb206a4f1b99e3b1905eab016e)) - make download of CLI in language server more resilient under windows \[IDE-90] ([#​5155](https://togithub.com/snyk/snyk/issues/5155)) ([1e51948](https://togithub.com/snyk/snyk/commit/1e5194853a3183629a9fad9679fc83e7b8d4d4cb)) ##### Features - bump language server protocol version to 11 \[IDE-236] ([#​5156](https://togithub.com/snyk/snyk/issues/5156)) ([fc41937](https://togithub.com/snyk/snyk/commit/fc41937f14f647e43e2b21b93ce3cc261a3de468)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 4pm on thursday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/scottames/dots). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: scottames-github-bot[bot] <162828115+scottames-github-bot[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
Description
Using the implemented built-in private registry, Terragrunt caches Terraform providers without using
plugin_cache_dir, thereby ensuring that multiple Terraform processes can safely run concurrently.Fixes #2920.